CVE-2025-50108
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-24
Assigner: Oracle
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | hyperion_financial_reporting | 11.2.20.0.000 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle Hyperion Financial Reporting product, specifically in the Workspace component of version 11.2.20.0.000. It allows a low-privileged attacker with network access via HTTP to compromise the system. Exploiting this vulnerability requires human interaction from someone other than the attacker. Successful exploitation can lead to unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of accessible data within Oracle Hyperion Financial Reporting. The vulnerability affects confidentiality and integrity but not availability.
How can this vulnerability impact me?
The impact of this vulnerability includes unauthorized modification (update, insert, delete) and unauthorized reading of some data within Oracle Hyperion Financial Reporting. This means an attacker could alter or access sensitive financial reporting data without proper authorization, potentially leading to data breaches, misinformation, and loss of data integrity. The attack requires network access and some user interaction, but once exploited, it can compromise the confidentiality and integrity of the data.